
72 matches found

RedhatCVE
added 3 days ago, 7 views

CVE-2026-22692

October is a Content Management System (CMS) and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in the optional Twig safe mode feature (CMS_SAFE_MODE). Certain methods on the collect helper were not properly restricted, allowing...

6.8 CVSS, 5.4 AI score, 0.00018 EPSS
Exploits 2, References 1

RedhatCVE
added 3 days ago, 4 views

CVE-2026-44371

Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute JavaScript in the file browser. This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2...

5.3 CVSS, 5.5 AI score, 0.00062 EPSS
Exploits 0, References 1

ATTACKERKB
added 2026/05/14 3:2 p.m., 4 views

CVE-2026-44371

Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute JavaScript in the file browser. This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2...

5.3 CVSS, 5.9 AI score, 0.00062 EPSS
Exploits 0, References 2, Affected Software 1

EUVD
added 2026/04/14 8:2 p.m., 3 views

EUVD-2026-22357

October Rain has a Twig Sandbox Bypass via Collection Methods...

4.9 CVSS, 5.8 AI score, 0.00018 EPSS
Exploits 2, References 2

Positive Technologies
added 2026/04/14 12:0 a.m., 2 views

PT-2026-32697

Name of the Vulnerable Software and Affected Versions: October versions prior to 3.7.13; October versions 4.0.0 through 4.1.4. Description: A sandbox bypass exists in the optional Twig safe mode feature (CMS_SAFE_MODE). Certain methods on the collect helper were not properly restricted, allowing...

4.9 CVSS, 5.8 AI score, 0.00018 EPSS
Exploits 2, References 5

OPENSUSE Linux
added 2026/01/25 12:0 a.m., 7 views

Security update for rabbitmq-server (moderate)

openSUSE security update: security update for rabbitmq-server. Announcement ID: openSUSE-SU-2026:20082-1. Rating: moderate. References: bsc1246091. Cross-References: CVE-2025-30219. CVSS scores: CVE-2025-30219 SUSE: 6.1...

6.1 CVSS, 6.1 AI score, 0.00023 EPSS
Exploits 0, References 1

Vulnrichment
added 2025/12/01 12:0 a.m., 1 view

CVE-2025-64030

Eximbills Enterprise 4.1.5 (Built on 2020-10-30) is vulnerable to authenticated stored cross-site scripting (CWE-79) via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPLINFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript...

5.9 AI score, 0.00032 EPSS
Exploits 1, References 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-0086

Malware in sbrugna...

4.9 CVSS, 5 AI score, 0.00321 EPSS
Exploits 0, References 5

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-44109

Malicious code in bioql PyPI...

8.6 CVSS, 8.1 AI score, 0.00282 EPSS
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 0 views

EUVD-2023-28315

Malicious code in bioql PyPI...

9.8 CVSS, 9.3 AI score, 0.02809 EPSS
Exploits 1, References 3

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-1693

Malicious code in bioql PyPI...

9.8 CVSS, 9.1 AI score, 0.01713 EPSS
Exploits 1, References 3

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-29176

Malicious code in bioql PyPI...

9.9 CVSS, 8.8 AI score, 0.00437 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/23 3:21 a.m., 2 views

CVE-2023-24258

SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request...

9.8 CVSS, 8.7 AI score, 0.02809 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/05/22 9:47 p.m., 2 views

CVE-2022-45811

Missing Authorization vulnerability in WeyHan Ng Post Teaser. This issue affects Post Teaser: from n/a through 4.1.5...

5.4 CVSS, 7 AI score, 0.0017 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 4:28 p.m., 5 views

CVE-2020-35438

Cross Site Scripting (XSS) vulnerability in the kk Star Ratings plugin before 4.1.5...

6.1 CVSS, 6 AI score, 0.0024 EPSS
Exploits 0

Cvelist
added 2025/05/15 8:7 p.m., 7 views

CVE-2024-6667 kbucket < 4.1.5 - Reflected XSS

The KBucket: Your Curated Content in WordPress plugin before 4.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin...

0.00292 EPSS
Exploits 1, References 1

CNNVD
added 2025/05/15 12:0 a.m., 1 view

WordPress plugin KBucket security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

6.1 CVSS, 6 AI score, 0.00292 EPSS
Exploits 1, References 1

CNNVD
added 2025/04/01 12:0 a.m., 2 views

WordPress plugin Enable Media Replace cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

7.1 CVSS, 6.8 AI score, 0.00569 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/03/28 5:50 p.m., 4 views

CVE-2025-2098

Fast CAD Reader application on MacOS was found to be installed with incorrect file permissions rwxrwxrwx. This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users...

8.4 CVSS, 7.3 AI score, 0.00105 EPSS
Exploits 0, References 4

Packet Storm
added 2025/03/06 12:0 a.m., 294 views

Plikli CMS 4.1.5 SQL Injection

Plikli CMS version 4.1.5 suffers from a remote SQL injection vulnerability. Exploit Title: Plikli CMS 4.1.5 - 'randkey' SQL Injection Discovered by: Ahmet Ümit BAYRAM Discovered Date: 05.03.2024 Vendor Homepage: https://github.com/kkumar326/plikli Software Link:...

8.5 AI score
Exploits 0